Форум системных администраторов
General => Главный => Тема начата: Retif от 18 февраля 2020, 13:30:50
-
LDAP channel binding and LDAP signing provide ways to increase the security of network communications between an Active Directory Domain Services (AD DS) or an Active Directory Lightweight Directory Services (AD LDS) and its clients. There is a vulerability in the default configuration for Lightweight Directory Access Protocol (LDAP) channel binding and LDAP signing and may expose Active directory domain controllers to elevation of privilege vulnerabilities. Microsoft Security Advisory ADV190023 address the issue by recommending the administrators enable LDAP channel binding and LDAP signing on Active Directory Domain Controllers. This hardening must be done manually until the release of the security update that will enable these settings by default.
Microsoft intends to release a security update on Windows Update to enable LDAP channel binding and LDAP signing hardening changes and anticipate this update will be available in March 2020.
...
March 2020 Required: Security Update available on Windows Update for all supported Windows platforms that will enable LDAP channel binding and LDAP signing on Active Directory servers by default.
https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows
*disimulo*
-
То есть, старые принтеры больше не смогут в LDAP, нопремер?
-
А ты проверь :spiteful:
-
Retif, да чо-та лень :) Дождемся проблем, а потом будем их героически решать :)
-
Еще ссылка: https://www.petri.com/microsoft-delays-ldap-signing-and-channel-binding-changes-in-active-directory
-
Еще в ту же тему: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/ldap-channel-binding-and-ldap-signing-requirements-march-2020/ba-p/921536